Foreman » Smart Proxy

You are correct.

at the moment its best to protect it via iptables, as its not possible to define which interfaces to bind to (ideally lo).

I guess we should add both the secret key (as a configuration option on the proxy similar to dns setup), and potentially allow to use a remote isc server as well.

I don't think this code is working 100%.
I've changed it to:

def omcmd cmd, msg=nil
      if cmd == "connect" 
        @om = IO.popen("/bin/sh -c '/usr/bin/omshell 2>&1'", "r+")
         if SETTINGS.dhcp_key_name and SETTINGS.dhcp_key_secret
          @om.puts "key #{SETTINGS.dhcp_key_name} \"#{SETTINGS.dhcp_key_secret}\"" 
         end
        @om.puts "server #{name}" 
        @om.puts "connect" 
        @om.puts "new host" 
(...)

logger.debug "omshell: executed - #{SETTINGS.dhcp_key_secret.nil? ? cmd : cmd.gsub(SETTINGS.dhcp_key_secret,"[filtered]")}" 

There's one problem, if the key is incorrect (I forced an incorrect key) Foreman's interface is not reporting the error. In the proxy.log (in debug mode) I can see the error:

(...)
E, [2011-05-03T17:51:57.835019 #10819] ERROR -- : Omshell failed:
> > > obj: <null>
, > obj: host
, > obj: host
, hardware-address = 00:0c:29:38:71:62
, > can't open object: connection reset by peer
, obj: host
, hardware-address = 00:0c:29:38:71:62
, > can't destroy object: not connected
, obj: host
, hardware-address = 00:0c:29:38:71:62
, >
E, [2011-05-03T17:51:57.835393 #10819] ERROR -- : Failed to remove DHCP reservation for  => 192.168.115.156 / 00:0c:29:38:71:62: No response from DHCP server